
Verify Firmware

Pico HSM and Pico Fido firmware is open source, so anyone can modify it. An attacker could build malicious firmware and upload it to your Pico device if it is left unattended.

Pico Tool

Raspberry Foundation provides a tool called Pico Tool that can retrieve the firmware from your device and compare it with the original firmware it should be running. If there is a mismatch, it will complain.

Steps

  1. Download, build and install Pico Tool from their repository.
  2. Put your Pico in BOOTSEL mode.
  3. Execute:
     $ picotool verify pico_hsm.uf2

It will return OK if the firmware on the device matches the file you are comparing it against. If an attacker has modified your firmware, you will notice it easily.
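
To illustrate the kind of comparison a verify step performs, the following added example (not part of the original page and not Pico Tool's own code) parses a UF2 image and compares each payload with a flash dump. The block layout follows the public UF2 specification; the function names, the RP2040 flash base address 0x10000000 and the sample data are assumptions constructed for illustration.

```python
import struct

# UF2 block layout per the public UF2 specification (512 bytes per block).
MAGIC0, MAGIC1, MAGIC_END = 0x0A324655, 0x9E5D5157, 0x0AB16F30
BLOCK, HDR, DATA_MAX = 512, 32, 476
FLASH_BASE = 0x10000000  # assumption: RP2040 XIP flash base address


def parse_uf2(blob):
    """Return {target_address: payload_bytes} for every block in a UF2 image."""
    if len(blob) == 0 or len(blob) % BLOCK:
        raise ValueError("UF2 size must be a non-zero multiple of 512 bytes")
    chunks = {}
    for off in range(0, len(blob), BLOCK):
        m0, m1, _flags, addr, size, _no, _total, _family = struct.unpack_from("<8I", blob, off)
        (end,) = struct.unpack_from("<I", blob, off + BLOCK - 4)
        if (m0, m1, end) != (MAGIC0, MAGIC1, MAGIC_END) or size > DATA_MAX:
            raise ValueError(f"malformed UF2 block at offset {off}")
        chunks[addr] = blob[off + HDR: off + HDR + size]
    return chunks


def verify_against_flash(uf2_blob, flash, base=FLASH_BASE):
    """Compare each UF2 payload with a flash dump; return mismatching addresses."""
    bad = []
    for addr, payload in sorted(parse_uf2(uf2_blob).items()):
        start = addr - base
        if start < 0 or flash[start:start + len(payload)] != payload:
            bad.append(addr)
    return bad


def make_block(addr, payload, no, total):
    """Build one UF2 block (used here only to construct sample input)."""
    head = struct.pack("<8I", MAGIC0, MAGIC1, 0x2000, addr, len(payload), no, total, 0xE48BFF56)
    return head + payload.ljust(DATA_MAX, b"\0") + struct.pack("<I", MAGIC_END)


# Constructed sample: a two-block "firmware" and two flash dumps.
FW = [bytes([i]) * 256 for i in (0xAA, 0xBB)]
UF2 = b"".join(make_block(FLASH_BASE + 256 * i, p, i, 2) for i, p in enumerate(FW))
GOOD_FLASH = b"".join(FW) + b"\xff" * 256
TAMPERED_FLASH = GOOD_FLASH[:300] + b"\x00" + GOOD_FLASH[301:]  # one byte changed

if __name__ == "__main__":
    print("clean   :", [hex(a) for a in verify_against_flash(UF2, GOOD_FLASH)])
    print("tampered:", [hex(a) for a in verify_against_flash(UF2, TAMPERED_FLASH)])
```

In this sketch only the address ranges present in the UF2 file are compared; flash contents outside those ranges are not examined.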